| Commit message (Collapse) | Author | Age | Files | Lines |
| |
|
| |
|
|
|
|
| |
Remove SUP name from RFC2307bis.update to match FDS
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
rest of the krb5.conf configuration were. This clearly breaks
with the default EXAMPLE.COM realm configuratrion. Furthermore
it makes it not possible to try to 'fix' an installation by
rerruninng ipa-client-install
This patch removes the special case and avoids krb5.conf only
if the on_master flag is passed.
Fix also one inner 'if' statement to be simpler to understand.
|
|
|
|
| |
currently kerberized (and may never be due to their nature).
|
|
|
|
| |
Fixes: 441566
|
| |
|
|
|
|
| |
Fixes: 462489
|
|
|
|
|
| |
This significantly simplifies the tool and makes it possible to apply
updates from the installer without forking off another process.
|
|
|
|
|
|
|
|
| |
Running at the end ensures that /etc/ipa/ipa.conf is created and generally
makes it more likely to succeed.
Added a new argument to ipa-server-installl, -y <password_file>, so we
don't have to pass it on the command-line.
|
| |
|
| |
|
|
|
|
|
|
|
|
|
| |
The updates directory is currently hardcoded to /usr/share/ipa/updates.
All of the files are read into memory and then sorted by the length of the DN.
This is so we can be sure that parent entries are added before children.
Also add a man page.
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Also handle syntax errors a bit more gracefully and allow the updater to
work on more than one file at a time.
Adjust to new config.py and use a custom exception class for syntax errors.
Also fix a error in parsing the separate files
Include slapi-nis in Requires
Includes work provided by Martin Nagy
460055
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
This tool takes as input a file which contains basically an LDIF, prefixed
with a command: default, add, remove or only. These define the operations
to perform such as adding new entries, adding new sub-entries to an existing
entry, adding or modifying attributes in a record.
If an index entry is modified a task is created to re-create the index.
Schema may be added using this tool.
454031
|
| |
|
| |
|
| |
|
|
|
|
| |
doesn't exist. Fixes: 459801
|
| |
|
| |
|
|
|
|
| |
unsuccessful. Fixes: 461213, 461325, 461332, 461543
|
|
|
|
| |
command line, config and DNS. Parse options before detecting IPA configuration. Don't ignore rest of the options if one is missing in ipa.conf. Drop the --usage options, we will rely on --help. Fixes: 458869, 459070, 458980, 459234
|
|
|
|
|
| |
Import all of change master key directly into the help fix,
allows for better control
|
| |
|
|
|
|
|
|
| |
This tool will dump and re-encrypt all keys, then reload and change
the master key in LDAP and in the stash file.
It will also restart the Directory Server and the the KDC
|
|
|
|
|
| |
but will allow for changing configurations without having to restart DS.
Password operations are slow and rare enough this is an acceptable compromise.
|
|
|
|
|
|
|
| |
We allow one to individually set first and last name but we do not
automatically update the common name so changes don't seem to happen.
451318
|
|
|
|
| |
452027
|
|
|
|
|
| |
1. Allow to specify the salt type along with the enctype
2. Allow to specify a password instead of forcing a random secret
|
|
|
|
|
|
| |
- wrong import in certs.py makes ipa-replica-manage fail
- close the fs after the stash file is written so that the file is updated
immediately and not when the fd is garbage collected
|
|
|
|
| |
459209
|
|
|
|
| |
448624, 448625
|
| |
|
|
|
|
|
|
| |
directory and ensure that it gets cleaned up when we're done with it.
458159
|
|
|
|
| |
does not work as expected and generates faulty keys
|
| |
|
|
|
|
|
|
| |
autoconfiguration files.
458871
|
|
|
|
|
|
| |
other apps.
459061
|
|
|
|
| |
450613, 457124
|
|
|
|
| |
thanks to W. Michael Petullo <mike@flyn.org> for finding the problem.
|
| |
|
| |
|
|
|
|
|
| |
protected connections to other LDAP servers
Fix error reporting on replica creation.
|
|
|
|
|
|
|
|
|
|
|
| |
ldap add and modify operation performed on the userPassword attribute.
Add helper functions to reduce code duplication.
Do not enforce encrypted connections on ldap add/ldap mod for compatibility
reasons. (We cannot enforce people not to send the password in the clear
anyway, we can only refuse to accept it at the most which does not gain
you much if someone then re-send you the same password previously exposed)
|
|
|
|
|
|
|
|
|
|
| |
Fix make maintainer-clean
Also make RPM naming consistent by using a temp RELEASE file.
This one helps when testing builds using rpms.
Just 'echo X > RELEASE' to build a new rpms (X, X+1, X+2 ...)
Version 1.1.0 was released some times ago, bump up to 1.1.1
|
|
|
|
|
|
| |
information. This way we do not risk to leave around sensitive data.
Set the destination host in the replica file too and do checks against
in ipa-replica-install
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
We will use them to encrypt the replica file so that we can
transport it over more safely.
It contains sensitive data, by encrypting it we assure that
even if a distracted admin leaves it around it cannot be accessed
without knowing the access passphrase (usually the Directory Manager
password)
Along the way fix also ipautil.run which was buggy and not passing
in correctly stdin.
Add dependency for gnupg in spec file
|
|
|
|
|
| |
Use SystemRandom() instead of Random() so that the randomicity
is non-deterministic.
|